Purpose and scope
Marks & Clerk LLP, any entity trading under the name Marks & Clerk and associated entities within the Marks and Clerk Group (“the Group”) is committed to the protection of personal data (data relating to an identified or identifiable individual) and to fair and transparent processing of this data. This privacy notice sets out how and why the Group collects and processes personal data in the course of its business. It applies to personal data provided directly to the Group by the individuals concerned, other companies and / or organisations, and applies to people in the UK or EU and / or any processing of any personal data in the UK or the EU.
Each firm within the Group is a "data controller" (referred to together as 'we' or 'us' for the purposes of this notice). This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
What personal data does the Group collect?
The Group collects personal data only to the extent necessary to provide services to its clients and for other agreed purposes. Such personal data may be used for the following:
- Provision of professional services – the Group may have to process personal data in order to perform such services and/or provide advice and deliverables to its clients.
- Managing, administering and developing the business – the Group processes personal data in order to manage relationships with clients; develop business and services; maintain and develop IT systems; manage and host events; and to administer and manage the Group’s website, systems and applications.
- Quality and risk management, and security – the Group uses various measures to protect personal data and other client information, which includes monitoring the services provided to clients to detect, investigate and resolve security threats. Such monitoring may involve processing personal data, for example the automatic scanning of email correspondence for threats.
- Providing information about services to clients – unless the relevant individual has opted-out, the Group may use client business contact details to provide information about its services, and activities and events that may be of interest.
- Compliance with legal obligations – the Group may be required to process and/or retain personal data to fulfil its legal obligations.
Personal data and third parties
The Group will only share personal data with third parties where it is appropriate to do so for the performance of its services and where it is legally permitted to do so. The Group will not provide information to third parties for their own marketing purposes. Where the Group transfers personal data to third parties, it will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.
International transfers of personal data
In the course of running our business and providing services to clients the Group may transfer personal data within the Group to countries outside the UK or to third parties located in other countries.
The Group will only store personal data for as long as necessary for the purposes for which it was collected, or as required by law.
Unless there are any overriding legal, regulatory or contractual requirements, the Group will retain records of services provided (which may include personal data) in accordance with the Group’s document retention policy.
You have rights in relation to any of your personal data held by the Group. Should you wish to exercise your rights, please contact the Group’s Data Protection Coordinator via email at firstname.lastname@example.org. The Group will endeavour to respond to any request promptly and within any legally required time limit.
The Group’s Data Protection Coordinator is responsible for ensuring that this notice is made available to data subjects prior to the Group collecting, processing and storing their personal data.
In the event that you wish to make a complaint about the processing of your personal data by the Group, you should contact the Group’s Data Protection Coordinator at: email@example.com.
You also have the right to make a complaint about the processing of your data to the Information Commissioners Office. For further information, please visit: www.ico.org.uk.